YADIS as an abstraction layer
Granqvist, Hans
hgranqvist at verisign.com
Tue Nov 1 14:01:02 PST 2005
> Most human-readable things on the web are HTML. People are familiar with
> HTML. There are lots of people that can write HTML but don't even know
> what HTTP headers are, let alone how to change them.
> . . .
> Sure, it's not ideal from a technological perspective, but
> pie-in-the-sky pure implementations that don't pay any mind to current
> realities rarely get very far.
Oh, I agree with this. Most of it.
The reliance on HTML should be made explicit somehow . . . People don't
break protocols. Implicit dependencies break protocols. ;)
Perhaps: the requested format of the response is part of the request, a la
"format=xyz" param/value, where HTML is the default value, or similar.
>> Secondly, about the capability description document: It seems risky to
>> have identity leaking through (a username can tell a lot -- and quite a
>> few people base passwords on the username too). I think there is a real
>> risk here.
>
>
>This is an intreiguing observation. I'm a little taken aback by it since
>people share usernames all the time. Do you have a solution in mind?
Not as such. I just happened to see plaintext usernames in the response
and thought about the old "i_hate_xyz" username problem.
I'll have to think further what it all means.
Hans
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/yadis/attachments/20051101/eda88d53/attachment.htm
More information about the yadis
mailing list